CVE-2024-52895 MEDIUM

CVE-2024-52895: IBM i denial of service

Vendor Ibm
Product i
Weakness CWE-754
Published February 14, 2025
Last update February 14, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database.

Key dates

02Disclosure timeline

February 14, 2025 CVE published
February 14, 2025 Record updated